2017 was probably the best year for cryptocurrency, mainly due to the popularity of Bitcoin and the exceptional surge in its value. Unfortunately, that also means cybercriminals have started investing effort in exploiting that popularity and urgency. Nearly 73% of all Bitcoin-related sites (used in the sample) suffered a Distributed Denial of Service (DDoS) attack in the third quarter of 2017, according to a recent report by Imperva Incapsula. The company also revealed that this previously unseen focus on Bitcoin turned the digital currency sector into one of the most targeted industry verticals.
Cryptocurrency-related scams and attacks now sit at number 8 on the list of the top 10 most targeted industries. "Overall, more than 73% [73.9] of all bitcoin sites using our services were attacked this quarter, making it one of the most targeted industries, despite its relatively small size and web presence," the company said.
This isn't the only report that talks about criminals' focus on digital currency. The extraordinary surge in the value of bitcoin has resulted in a myriad of attacks and tricks. Only yesterday, another report revealed that Quant loader, which was previously used to distribute ransomware and malware, is now targeting cryptocurrency wallets. After spotting an active Quant loader administration panel on a newly registered domain, Forcepoint Security Labs discovered that the new samples of Quant include a cryptocurrency credential-stealing file (bs.dll.c).
"BS.DLL.C is a small Borland Delphi based library created for extracting several less-popular cryptocurrency wallets from the victims' computer - besides the perennial number one suspect that is Bitcoin," the team wrote.
It scans the user's Application Data directory for supported wallets, extracts the information found, and transfers it over to the C2 server.
DDoS attacks could be used to manipulate prices, take down competition
While criminals are starting to focus on cryptocurrency through trojans and malware families, the DDoS attacks are believed to have been launched by those in the industry itself. A synchronised attack that makes popular services inaccessible allows competitors or others in the industry to spread rumors about the reasons behind the outage, potentially enabling them to manipulate prices. Additionally, criminals also use this tactic to extort money from the affected sites, the researchers said. "This is a clear example of DDoS attackers following the money," Igal Zeifman, director at Imperva Incapsula, said.
"As a rule, extortionists and other cybercriminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected."